Added libdomainkeys sources, fixed up the Makefile.
Showing 60 changed files with 5,087 additions and 7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,173 @@ | ||
Changed from 0.68 to 0.69: | ||
API: | ||
o Added dk_granularity() to retrieve the value of (g=) tag in DNS lookup (called after dk_end) | ||
o Added DK_STAT_GRANULARITY status enumeration | ||
o Fixed dktest.c to check for DK_STAT_GRANULARITY | ||
|
||
Internal: | ||
o Fixed dk_headers() to always return the proper length of a null terminated header list, even with a NULL argument and | ||
RDUPE on | ||
o Added dk->granularity pointer to DK struct | ||
o Python wrapper updates | ||
o Updated Documentation and test script | ||
o Fixed bug with policy: | ||
Consider a message with both a Sender: and a From: header, but no DK signature. | ||
|
||
Changed from 0.67 to 0.68: | ||
|
||
API: | ||
o Added dk_settxt() to bypass dns lookups and set query responses manually | ||
o Added dk_domain() to return the domain name used (dk->domain) | ||
o Added python wrapper (domainkeys_wrap.c) (use make python to make shared object to import) | ||
|
||
Internal: | ||
|
||
Changed from 0.66 to 0.67: | ||
|
||
API: | ||
o Incompatible changes made: dk_free requires an additional parameter, used to specify the OpenSSL Error State should be cleared | ||
o Added dk_setopts() and dk_getopts() | ||
o Deprecated dk_enable_trace() and dk_remdupe() in favor of using dk_setopts() | ||
o Added dk_shutdown() to be used at application shutdown (frees dklib and openssl memory when done) | ||
|
||
Internal: | ||
o Clarified documented behavior for dk_end()/dk_policy() and flag retrieval | ||
o Performance improvments (see source for DK_HASH_BUFF) | ||
o Fixed dkt_generate to remove the last ':' char and report accurate length of string returned | ||
o Fixed memory leak in dk_headers() | ||
o Added dk_init() Documentation update (Safe Multi-Thread Usage) | ||
|
||
Changed from 0.65 to 0.66: | ||
|
||
API: | ||
o No incompatible changes made. | ||
o Added dk_compare_trace(), dk_enable_trace() and dk_get_trace() | ||
o Added -T option to dktest to enable generation of trace headers | ||
|
||
Internal: | ||
o Added test to dk_message() to detect stray CRs | ||
o Fixed parent domain handling | ||
|
||
Changes from 0.64 to 0.65: | ||
API: | ||
o No incompatible changes made. | ||
o Added dk_remdupe() to turn on/off ignoring hashing in duplicate headers when signing | ||
o Added dk_selector() to return the selector name used or NULL if there isn't one | ||
o Added -h option to dktest to add h= tag when signing | ||
o Added -r option to dktest to enable ignoring duplicate headers when signing (implies -h) | ||
|
||
Internal: | ||
o Win32 and Unixware compatability | ||
o dk_headers() now reports accurate length of h= list and preserves duplicate headers | ||
o Fixed dkheaders_header() to properly handle h= tags when verifying, handles duplicate headers properly | ||
o Fixed simple canon, no longer unfolds headers when in simple canon | ||
o Fixed nofws canon when an embedded \r is in the body of a message | ||
o Fixed dk_from() to properly report the senders domain when the message is not signed | ||
o Fixed dk_from() to properly return NULL when the sender address is malformed (ie: @host, user@, @, <empty>) | ||
o Added check in dkheaders() to check dk_from() after parsing headers to make sure there is a valid sender address | ||
o Fixed dk_policy() to use dk_from(), not value in dk->from | ||
o Fixed handling of messages when verifying and more than one DK-Sig header is found, now uses the first DK-Sig found properly | ||
o Fixed handling of messages when signing and there is an existing DK-Sig (Sender: before DK-Sig), pre-existing DK-Sig is ignored | ||
|
||
Changes from 0.63 to 0.64: | ||
|
||
API: | ||
o No incompatible changes made. | ||
o Added dk_headers(). | ||
o Added DK_FLAG_G, which reports that g= was present. | ||
o Added dk_address(). | ||
o Deprecated dk_from(). | ||
o Added dk_end() (like dk_eom only it doesn't call dk_policy()). | ||
o Added dk_policy(). | ||
o Deprecated dk_eom() in favor of calling dk_end and dk_policy. | ||
|
||
Internal: | ||
o dns_txt replaced by dns_text (internal-only change). | ||
o dns_text now always returns a malloc'ed string. | ||
o Added copyright and license. | ||
o Added DK_MALLOC(), DK_MFREE(), and dk_strdup. They use openssl's. | ||
o Changed dkparse822() to make an address for dk_address(), which see. | ||
o Fixed a bug in dknewkey where it inserted an extra quote char. | ||
o Fixed a memory leak in dk_free(). Thanks Robert Powers. | ||
o Fixed makeheader to exit with zero. Thanks Slava Filimonov | ||
o Added clean to Makefile targets | ||
o Made changes to dktest to support new api entry points. | ||
o Adjust test cases. | ||
|
||
Changes from 0.62 to 0.63: | ||
|
||
o Change dktest's "-t 7" option so that it works even if not signing. | ||
o When using the h= tag, sign ALL instances of a header. | ||
o Only remember the Sender AFTER the DK-Sig when verifying. | ||
o Explicitly return DK_STAT_NOSIG if no sig was found. | ||
o Explicitly finish off the headers if there is no body. | ||
o Adjust test cases. | ||
|
||
Changes from 0.61 to 0.62: | ||
|
||
o This release now supports the -01 spec. | ||
o If the domain was missing from the DK-S: header, it segfaulted. | ||
o The TC8 test needed to have real headers rather than /dev/null. | ||
o The TC14 test returns different results in 0.61 and needed fixing. | ||
o Fix the bug reported by Richard Lyons on the qmail mailing list in | ||
message 120186: | ||
2. If the program is given a message to sign that's | ||
already signed, it will try to verify it. | ||
o dktest wasn't carrying failure status around properly. | ||
o Added support for multiple canonicalizations. | ||
. Have to parse the DK-Sig line earlier to get c= value. | ||
. Folded EVP_SignUpdate and EVP_VerifyUpdate into EVP_DigestUpdate. | ||
. Folded header and body processing into one call. | ||
o Fixed support for c=simple so it works with trailing blank lines. | ||
o Added support for Sender: signing domains. | ||
o Added a check for a=rsa-sha1 | ||
o Added a check for q=dns | ||
o Fixed a memory leak (wouldn't free the From: address) | ||
o Added support for signing domain being a subdomain of d=. | ||
o Used to be checking policy from signing domain, but spec says to | ||
use d=domain. | ||
o Added comments to makeheader.c and blank lines to its output. | ||
o dkparselist had a subtle bug wherein it skipped a character after | ||
the ';'. Most often that was a space, so no matter until I started | ||
deleting spaces for nofws testing. | ||
o dkparselist now checks for a trailing key but no value. | ||
o Found a memory leak. dk->sender wasn't being freed. | ||
o Added nofws support. | ||
o Broke dkpolicy() out into its own subroutine. It's now called in two | ||
places: if the signature doesn't verify, and if there is no signature at | ||
all. | ||
o Added a copyright license. | ||
o Completely changed the way headers were parsed, to handle h=. | ||
o Added h= support. | ||
o Added test cases. | ||
|
||
Changes from 0.60 to 0.61: | ||
|
||
o added -DBIND_8_COMPAT for BIND9's sake. | ||
o added dk_siglen to get the signature length. | ||
o moved privatekey parameter from dk_sign to dk_getsig. | ||
|
||
Changes from 0.59 to 0.60: | ||
|
||
o dns_txt.c should extract the TXT record into a PACKETSZ buffer, | ||
not MAXDNAME. | ||
o Fixed two error return values in dns_txt.c | ||
o dknewkey should delete its temporary file. | ||
o Implemented full-RFC2822 address parsing. | ||
o Added test case for dk_from to dktest.c | ||
o Wasn't returning flags correctly in dk_eom(). | ||
o Wasn't properly null-terminating the signature string. | ||
o Removed error notes from 'test'. | ||
o Added whole piles of RFC2822 address parsing to 'test'. | ||
|
||
Changes from 0.58 to 0.59: | ||
|
||
o dktest strips off the path from the key filename to get the selector. | ||
o dktest's -a option is now -b. | ||
o dktest now rewinds its stdin. | ||
o Added support for SWIG. | ||
o Added dknewkey, which generates a private/public key pair and formats | ||
the public key for insertion into a zone file. | ||
o Wrote man pages for dktest and dknewkey in HTML. | ||
o Portability fixes to Makefile, test, and dns_txt.c | ||
o Fixed a bug in multiple TXT character-string handling. |
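Review bot: The 0.69 entry "Fixed bug with policy:" stops after describing the triggering message (both a Sender: and a From: header, no DK signature) and never says what the policy check did wrong or what it does now; callers rely on that result for unsigned mail, so state the old and the new behaviour. The 0.68 "Internal:" heading has no entries and should be filled in or dropped, and the 0.67 note about the incompatible dk_free change would be easier to act on if it named the new parameter. The section headings also alternate between "Changed from" and "Changes from".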
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
CHANGES | ||
dktest.c | ||
dktest.html | ||
dns_txt.c | ||
dnstest.c | ||
domainkeys.c | ||
FILES | ||
Makefile | ||
makeheader.c | ||
README | ||
dktrace.c | ||
dktrace.h | ||
testtrace.c | ||
testcases | ||
test | ||
expected | ||
dog | ||
dknewkey | ||
dknewkey.html | ||
softwarelicense1-1.html | ||
libdomainkeys.sln | ||
libdomainkeys.vcproj | ||
makeheader.vcproj | ||
socktest.c |
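Review bot: This manifest omits files that the rest of the commit depends on: the Makefile's python target needs domainkeys_wrap.c and domainkeys.i, and its distributionfile target runs makedistribution.sh, yet none of the three is listed here. If FILES drives packaging, add them. It is also not obvious what the bare "dog" entry refers to; a comment or a more descriptive name would help.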
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
CC=gcc | ||
CFLAGS=-DBIND_8_COMPAT -O2 | ||
#CFLAGS += -DDK_DEBUG -DDK_HASH_BUFF -Wall | ||
#CFLAGS += -DUNIXWARE | ||
INCS=-I. | ||
LIBS=-L. -ldomainkeys -lcrypto | ||
MAKE=make | ||
|
||
dktest: dktest.o libdomainkeys.a dns.lib socket.lib | ||
$(CC) $(CFLAGS) -o dktest dktest.o $(LIBS) `cat dns.lib` `cat socket.lib` | ||
|
||
dktest.o: dktest.c domainkeys.h | ||
$(CC) $(CFLAGS) -c dktest.c $(INCS) | ||
|
||
testtrace: testtrace.o dktrace.o dktrace.h | ||
$(CC) $(CFLAGS) -o testtrace testtrace.o dktrace.o | ||
|
||
dktrace.o: dktrace.c dktrace.h | ||
|
||
makeheader: makeheader.c | ||
$(CC) $(CFLAGS) -o makeheader makeheader.c | ||
domainkeys.o: domainkeys.c | ||
$(CC) $(CFLAGS) -c domainkeys.c $(INCS) | ||
dns_txt.o: dns_txt.c | ||
$(CC) $(CFLAGS) -c dns_txt.c | ||
dnstest.o: dnstest.c | ||
$(CC) $(CFLAGS) -c dnstest.c | ||
dnstest: dnstest.o dns_txt.o | ||
$(CC) $(CFLAGS) -o dnstest dnstest.o dns_txt.o | ||
dns.lib: dnstest.c | ||
(if $(MAKE) dnstest >/dev/null 2>&1; then echo -lresolv; else echo ""; fi) >dns.lib | ||
rm -f dnstest | ||
|
||
socktest.o: socktest.c | ||
$(CC) $(CFLAGS) -c socktest.c | ||
socktest: socktest.o | ||
$(CC) $(CFLAGS) -o socktest socktest.o -lsocket | ||
socket.lib: socktest.c | ||
(if $(MAKE) socktest >/dev/null 2>&1; then echo -lsocket -lnsl; else echo ""; fi) >socket.lib | ||
rm -f socktest | ||
|
||
domainkeys.h: domainkeys.c makeheader | ||
./makeheader <domainkeys.c >domainkeys.h | ||
|
||
libdomainkeys.a: domainkeys.o dns_txt.o dktrace.o | ||
rm -f libdomainkeys.a | ||
ar cr libdomainkeys.a domainkeys.o dns_txt.o dktrace.o | ||
ranlib libdomainkeys.a | ||
|
||
python: domainkeys_wrap.o _domainkeys.so | ||
|
||
domainkeys_wrap.o: domainkeys.h domainkeys.i domainkeys_wrap.c | ||
#swig -python -module domainkeys domainkeys.i | ||
$(CC) $(CFLAGS) -c domainkeys_wrap.c -I/usr/include/python2.4/ | ||
|
||
_domainkeys.so: domainkeys.o dns_txt.o dktrace.o domainkeys_wrap.o | ||
ld -shared domainkeys.o dns_txt.o dktrace.o domainkeys_wrap.o -lcrypto `cat dns.lib` -o _domainkeys.so | ||
|
||
clean: | ||
rm -f *.o *.so libdomainkeys.a dns.lib dnstest socktest makeheader dktest testtrace domainkeys.h | ||
|
||
# | ||
distributionfile: | ||
sh makedistribution.sh |
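Review bot: The _domainkeys.so rule expands `cat dns.lib` but does not list dns.lib as a prerequisite, so "make python" on a clean tree can reach the link step before the resolver probe has written that file; add dns.lib to the prerequisites of _domainkeys.so. In the same target the objects are built with CFLAGS=-DBIND_8_COMPAT -O2 only, without -fPIC, which ld -shared requires on some platforms, and the include path -I/usr/include/python2.4/ is hardcoded where a variable would do. The dns.lib and socket.lib probes send all output to /dev/null, so any unrelated compile failure silently yields an empty file and the missing library only shows up later as undefined references; keeping the probe's stderr in a log would make that diagnosable. The commented-out -Wall line would be worth enabling by default for a library that parses untrusted mail headers and DNS responses.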
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
This is libdomainkeys. It's Copyright (c) 2004 Yahoo, Inc. | ||
This code incorporates intellectual property owned by | ||
Yahoo! and licensed pursuant to the Yahoo! DomainKeys Public License | ||
Agreement: http://domainkeys.sourceforge.net/license/softwarelicense1-1.html | ||
|
||
INSTALLATION | ||
|
||
C lib build | ||
'make' will create libdomainkeys.a and domainkeys.h. | ||
|
||
Or else it won't. | ||
|
||
Python module build | ||
'make python' will build the python wrapper and shared object (_domainkeys.so) | ||
|
||
Common problems with the build: | ||
|
||
If it can't find the openssl include files, you | ||
might need to add a -I pointing to them to INCS variable in the Makefile. | ||
In addition, you may have to add an -L to the the LIBS variable to point to the | ||
path for the crypto lib. | ||
|
||
Problems in "dns_text" with undefined refrences. Odds are the makefile failed | ||
to correctly setup the dns.lib file so the easy fix is to do this: | ||
echo "-lresolv" > dns.lib; make | ||
that should build the dktest binary. | ||
|
||
Unixware users may need to add -DUNIXWARE to the CFLAGS variable in the make file to | ||
make a compatable header file for cc (not gcc) on that platform. | ||
|
||
WIN32 | ||
|
||
Visual Studio 2003 Project files are included and configured to create | ||
lib or dll in debug or release mode. OpenSSL is required and your environment | ||
must be configured to find the openssl include files and pre-compiled library | ||
from where they are. In Visual Studio, see Tools/Options/Projects/VC++ | ||
Directories. | ||
|
||
USAGE | ||
|
||
See dktest.html and dknewkey.html. | ||
|
||
TESTING | ||
|
||
The program named 'test' will execute a number of test cases. | ||
|
||
./test | ||
|
||
It should only print the test case numbers. If it prints anything | ||
else, then that test failed. | ||
|
||
ERRATA | ||
|
||
None known. | ||
|
||
DOCUMENTATION | ||
|
||
Read domainkeys.h. If you need more information than it has, | ||
then I need to write more. | ||
|
||
|
||
Russell Nelson | ||
Crynwr Software | ||
nelson@crynwr.com | ||
315-323-1241 | ||
FWD# 404529 |
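Review bot: The "Python module build" step says only that 'make python' builds the wrapper, but the Makefile rule compiles against -I/usr/include/python2.4/ and has the swig invocation commented out, so the README should state which Python version and header path are expected and whether SWIG is needed. The dns.lib workaround under "Common problems" covers -lresolv only; the socket.lib probe can fail the same way and is not mentioned. Minor: "Or else it won't." gives the reader nothing to act on, and "refrences", "compatable" and "the the" are typos.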
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
#!/bin/sh | ||
|
||
BITS=384 | ||
if test -n "$2"; then BITS=$2; fi | ||
|
||
openssl genrsa -out $1 $BITS 2>/dev/null | ||
openssl rsa -in $1 -out /tmp/dknewkey.$$ -pubout -outform PEM 2>/dev/null | ||
if test -f /usr/local/bin/tinydns-data; then | ||
printf "'%s._domainkey.example.com:k=rsa; p=%s\n" `basename $1` `grep -v ^-- /tmp/dknewkey.$$ | tr -d '\n'` | ||
else | ||
printf "%s._domainkey\tIN\tTXT\t\"k=rsa; p=%s\"\n" `basename $1` `grep -v ^-- /tmp/dknewkey.$$ | tr -d '\n'` | ||
fi | ||
rm -f /tmp/dknewkey.$$ |
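Review bot: BITS=384 as the default is the main problem in this script: a 384-bit RSA modulus can be factored with modest resources, so a key generated without a second argument gives no real protection against forged signatures. Raise the default (2048 is the usual minimum today) and reject smaller values passed as $2. The public key is also written to the predictable path /tmp/dknewkey.$$, which another local user can pre-create or symlink; use mktemp and a trap for cleanup. $1 is unquoted and never checked for being present, and both openssl calls discard stderr without testing the exit status, so a failed run still prints a record with an empty p= value. The tinydns branch hardcodes example.com, which should be a parameter or at least documented as something to edit.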